FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W2129752927> ?p ?o ?g. }

• W2129752927 abstract "In this thesis we develop techniques for analyzing security-relevant functionality in a program that do not require access to the program's source code, only to its binary form. Such techniques are needed to analyze closed-source programs such as commercial-off-the-shelf applications and malware, which are prevalent in computer systems. Our techniques are dynamic: they extract information from executions of the program. Dynamic techniques are precise because they can examine the exact run-time behavior of the program, without the approximations that static analysis requires. In particular, we develop dynamic program binary analysis techniques to address three problems: protocol reverse-engineering, binary code reuse, and model extraction. We demonstrate our techniques on a variety of security applications including active botnet infiltration, deviation detection, attack generation, vulnerability-based signature generation, and vulnerability discovery. Protocol reverse-engineering techniques infer the grammar of undocumented program inputs, such as network protocols and file formats. Such grammars are important for applications like network monitoring, signature generation, or botnet infiltration. When no specification is available, rich information about the protocol or file format can be reversed from a program that implements it. We develop a new approach to protocol reverse-engineering based on dynamic program binary analysis. Our approach reverses the format and semantics of protocol messages by monitoring how an implementation of the protocol processes them. To demonstrate our techniques, we extract the grammar of the previously undocumented C&C protocol used by MegaD, a prevalent spam botnet. Binary code reuse techniques make a code fragment from a program binary reusable by external source code. We propose a novel approach to automatic binary code reuse that identifies the interface of a binary code fragment and extracts its instructions and data dependencies. The extracted code is self-contained and independent of the rest of the functionality in the program. To demonstrate our techniques, we use them to extract proprietary cryptographic routines used by malware and show how those routines enable infiltrating botnets that use encrypted protocols. Model extraction techniques build a model of the functionality of a code fragment. Closed-source programs often contain undocumented, yet security-relevant, functionality such as filters or proprietary algorithms. To reason about the security properties of such functionality we develop model extraction techniques that work directly on program binaries. To produce models with high coverage, we extend previous dynamic symbolic execution techniques to programs that use string operations, programs that parse highly structured inputs, and programs that use complex functions like encryption or checksums. We demonstrate the utility of our techniques to discover vulnerabilities in malware and use the extracted models to automatically find subtle content-sniffing XSS attacks on Web applications, to identify deviations between different implementations of the same functionality, and to generate signatures for vulnerabilities in software." @default.
• W2129752927 created "2016-06-24" @default.
• W2129752927 creator A5019426968 @default.
• W2129752927 creator A5080300192 @default.
• W2129752927 date "2010-01-01" @default.
• W2129752927 modified "2023-09-26" @default.
• W2129752927 title "Grammar and model extraction for security applications using dynamic program binary analysis" @default.
• W2129752927 cites W105131483 @default.
• W2129752927 cites W109909280 @default.
• W2129752927 cites W138996787 @default.
• W2129752927 cites W142308502 @default.
• W2129752927 cites W143519483 @default.
• W2129752927 cites W1481472066 @default.
• W2129752927 cites W1482382132 @default.
• W2129752927 cites W1486443221 @default.
• W2129752927 cites W1489157620 @default.
• W2129752927 cites W1492437080 @default.
• W2129752927 cites W1496257659 @default.
• W2129752927 cites W1497028280 @default.
• W2129752927 cites W1499241274 @default.
• W2129752927 cites W1515790419 @default.
• W2129752927 cites W1516506771 @default.
• W2129752927 cites W1538375546 @default.
• W2129752927 cites W1543478129 @default.
• W2129752927 cites W1551162551 @default.
• W2129752927 cites W1553308705 @default.
• W2129752927 cites W1556212265 @default.
• W2129752927 cites W1563300346 @default.
• W2129752927 cites W157156687 @default.
• W2129752927 cites W1574173537 @default.
• W2129752927 cites W1587193466 @default.
• W2129752927 cites W1588668624 @default.
• W2129752927 cites W1589713274 @default.
• W2129752927 cites W1593034229 @default.
• W2129752927 cites W1595564425 @default.
• W2129752927 cites W1597305440 @default.
• W2129752927 cites W1598169875 @default.
• W2129752927 cites W1642192185 @default.
• W2129752927 cites W1653446932 @default.
• W2129752927 cites W165448527 @default.
• W2129752927 cites W1710734607 @default.
• W2129752927 cites W172560767 @default.
• W2129752927 cites W1779735989 @default.
• W2129752927 cites W179510128 @default.
• W2129752927 cites W1811216268 @default.
• W2129752927 cites W1817780983 @default.
• W2129752927 cites W1871873841 @default.
• W2129752927 cites W1896822992 @default.
• W2129752927 cites W1903577715 @default.
• W2129752927 cites W1910771831 @default.
• W2129752927 cites W1921075642 @default.
• W2129752927 cites W1941166084 @default.
• W2129752927 cites W1956767865 @default.
• W2129752927 cites W1966982815 @default.
• W2129752927 cites W1968061803 @default.
• W2129752927 cites W1968632081 @default.
• W2129752927 cites W1972235549 @default.
• W2129752927 cites W1976878954 @default.
• W2129752927 cites W1978063312 @default.
• W2129752927 cites W1984248430 @default.
• W2129752927 cites W1993836075 @default.
• W2129752927 cites W2002821154 @default.
• W2129752927 cites W2002934700 @default.
• W2129752927 cites W2009489720 @default.
• W2129752927 cites W2015903771 @default.
• W2129752927 cites W2027991598 @default.
• W2129752927 cites W2033811087 @default.
• W2129752927 cites W2034362794 @default.
• W2129752927 cites W2039468209 @default.
• W2129752927 cites W2042708654 @default.
• W2129752927 cites W2046166587 @default.
• W2129752927 cites W2049867480 @default.
• W2129752927 cites W2057330156 @default.
• W2129752927 cites W2065948900 @default.
• W2129752927 cites W2066183757 @default.
• W2129752927 cites W2066210260 @default.
• W2129752927 cites W2071112258 @default.
• W2129752927 cites W207759855 @default.
• W2129752927 cites W2079029390 @default.
• W2129752927 cites W2096449544 @default.
• W2129752927 cites W2100583963 @default.
• W2129752927 cites W2100666033 @default.
• W2129752927 cites W2100894869 @default.
• W2129752927 cites W2101080231 @default.
• W2129752927 cites W2101512909 @default.
• W2129752927 cites W2102166619 @default.
• W2129752927 cites W2102970979 @default.
• W2129752927 cites W2104136059 @default.
• W2129752927 cites W2104588447 @default.
• W2129752927 cites W2105341394 @default.
• W2129752927 cites W2110066339 @default.
• W2129752927 cites W2110076463 @default.
• W2129752927 cites W2110318050 @default.
• W2129752927 cites W2110986027 @default.
• W2129752927 cites W2111427271 @default.
• W2129752927 cites W2111487235 @default.
• W2129752927 cites W2112243500 @default.
• W2129752927 cites W2114067856 @default.
• W2129752927 cites W2115175195 @default.
• W2129752927 cites W2115675703 @default.

• next